Home News StilachiRAT: A Sophisticated Password-Stealing Trojan
News

StilachiRAT: A Sophisticated Password-Stealing Trojan

294

Microsoft’s Incident Response team has identified a new remote access trojan (RAT) known as StilachiRAT, which poses a significant threat to computer users by stealing a wide range of sensitive information. This malware is particularly alarming due to its ability to automatically reinstall itself if removed, ensuring persistence on infected systems.

Key Features of StilachiRAT

  • Self-Reinstatement Capability: StilachiRAT uses watchdog threads to reinstall itself if its binaries are removed, making it difficult to eradicate.
  • Data Theft: The malware steals passwords, cryptocurrency wallet information, operating system details, device identifiers, and even camera presence data.
  • Cryptocurrency Wallet Targets: It targets multiple cryptocurrency wallets, including Coinbase Wallet, Phantom, Trust Wallet, MetaMask, OKX Wallet, Bitget Wallet, and up to 20 others.
  • Reconnaissance Abilities: StilachiRAT gathers extensive system information, including credentials stored in browsers, clipboard data, hardware identifiers, active Remote Desktop Protocol (RDP) sessions, and running GUI applications.
  • Persistence Mechanisms: It uses the Windows service control manager to maintain persistence and reinstalls itself automatically.
  • Evasion Techniques: The malware evades detection by clearing event logs and checking for sandbox environments to block analysis attempts.

Impact and Distribution

StilachiRAT was first discovered in November 2024 but has not yet reached widespread distribution. Microsoft has not linked it to any specific threat actor or geographical location.

How to Stay Safe

  1. Download Software from Official Sources: Only download software from legitimate websites to avoid infection.
  2. Use Security Software: Install and regularly update antivirus software to block malicious domains and email attachments.
  3. Be Cautious of Phishing Attacks: Recognize common phishing signs such as misspelled domain names, suspicious email attachments, or urgent messages.
  4. Use a VPN and Password Manager: Protect privacy with a VPN and secure passwords with a password manager.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...